PT-2022-18685 · Joomlatools · Joomlatools Docman

Published

2022-07-10

Updated

2022-07-25

CVE-2022-27910

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Joomlatools - DOCman versions 3.5.13 and likely earlier

Description The issue is related to a reflected Cross-Site Scripting (XSS) in an image upload function. This means that an attacker could potentially inject malicious scripts into the website, which would then be executed by the user's browser.

Recommendations For versions 3.5.13 and earlier, consider disabling the image upload function until a patch is available to prevent exploitation of the reflected Cross-Site Scripting (XSS) issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-27910

Affected Products

Joomlatools Docman

PT-2022-18685 · Joomlatools · Joomlatools Docman

CVE-2022-27910

Weakness Enumeration

Related Identifiers

Affected Products

References · 4